From 9ada0093e92388590c7368600ca4e9e3e376f0d0 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 16:22:51 +0200 Subject: Adding upstream version 1.5.2. Signed-off-by: Daniel Baumann --- modules/pam_lastlog/pam_lastlog.8.xml | 343 ++++++++++++++++++++++++++++++++++ 1 file changed, 343 insertions(+) create mode 100644 modules/pam_lastlog/pam_lastlog.8.xml (limited to 'modules/pam_lastlog/pam_lastlog.8.xml') diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml new file mode 100644 index 0000000..bada2ea --- /dev/null +++ b/modules/pam_lastlog/pam_lastlog.8.xml 
@@ -0,0 +1,343 @@ + + + + + + + pam_lastlog + 8 + Linux-PAM Manual + + + + pam_lastlog + PAM module to display date of last login and perform inactive account lock out + + + + + pam_lastlog.so + + debug + + + silent + + + never + + + nodate + + + nohost + + + noterm + + + nowtmp + + + noupdate + + + showfailed + + + inactive=<days> + + + unlimited + + + + + + + DESCRIPTION + + + pam_lastlog is a PAM module to display a line of information + about the last login of the user. In addition, the module maintains + the /var/log/lastlog file. + + + Some applications may perform this function themselves. In such + cases, this module is not necessary. + + + The module checks option in + /etc/login.defs and does not update or display + last login records for users with UID higher than its value. + If the option is not present or its value is invalid, no user ID + limit is applied. + + + If the module is called in the auth or account phase, the accounts that + were not used recently enough will be disallowed to log in. The + check is not performed for the root account so the root is never + locked out. It is also not performed for users with UID higher + than the value. + + + + + + OPTIONS + + + + + + + + Print debug information. + + + + + + + + + + Don't inform the user about any previous login, + just update the /var/log/lastlog file. + This option does not affect display of bad login attempts. + + + + + + + + + + If the /var/log/lastlog file does + not contain any old entries for the user, indicate that + the user has never previously logged in with a welcome + message. + + + + + + + + + + Don't display the date of the last login. + + + + + + + + + + Don't display the terminal name on which the + last login was attempted. + + + + + + + + + + Don't indicate from which host the last login was + attempted. + + + + + + + + + + Don't update the wtmp entry. + + + + + + + + + + Don't update any file. 
+ + + + + + + + + + Display number of failed login attempts and the date of the + last failed attempt from btmp. The date is not displayed + when is specified. + + + + + + + + + + This option is specific for the auth or account phase. It + specifies the number of days after the last login of the user + when the user will be locked out by the module. The default + value is 90. + + + + + + + + + + If the fsize limit is set, this option can be + used to override it, preventing failures on systems with large UID + values that lead lastlog to become a huge sparse file. + + + + + + + + MODULE TYPES PROVIDED + + The and module type + allows one to lock out users who did not login recently enough. + The module type is provided for displaying + the information about the last login and/or updating the lastlog and + wtmp files. + + + + + RETURN VALUES + + + + + PAM_SUCCESS + + + Everything was successful. + + + + + + PAM_SERVICE_ERR + + + Internal service module error. + + + + + + PAM_USER_UNKNOWN + + + User not known. + + + + + + PAM_AUTH_ERR + + + User locked out in the auth or account phase due to + inactivity. + + + + + + PAM_IGNORE + + + There was an error during reading the lastlog file + in the auth or account phase and thus inactivity + of the user cannot be determined. + + + + + + + + + + EXAMPLES + + Add the following line to /etc/pam.d/login to + display the last login time of a user: + + + session required pam_lastlog.so nowtmp + + + To reject the user if he did not login during the previous 50 days + the following line can be used: + + + auth required pam_lastlog.so inactive=50 + + + + + FILES + + + /var/log/lastlog + + Lastlog logging file + + + + + + + SEE ALSO + + + limits.conf5 + , + + pam.conf5 + , + + pam.d5 + , + + pam8 + + + + + + AUTHOR + + pam_lastlog was written by Andrew G. Morgan <morgan@kernel.org>. + + + Inactive account lock out added by Tomáš Mráz <tm@t8m.info>. + + + + -- cgit v1.2.3
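Review bot: In the RETURN VALUES section, the PAM_IGNORE entry should state what it means for the lockout: when the lastlog file cannot be read in the auth or account phase, the module's result does not contribute to the stack's result, so a line such as "auth required pam_lastlog.so inactive=50" from EXAMPLES does not reject an inactive user in that case. Suggest adding a sentence there, and a cross-reference from the inactive=<days> option text, saying that the inactivity check is skipped on a read error, so that administrators who rely on it know the check depends on /var/log/lastlog being readable. The inactive=<days> description also does not say how an account with no lastlog record at all is treated, which matters for newly created accounts; please document that case explicitly. Minor style point in EXAMPLES: "if he did not login" would read better as "if the user did not log in".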